I'm using ipchains on this one.

#!/bin/sh

# This script sets up the NAT and firewall for the box, and is run when the
# ppp connection to Bell comes up.

/sbin/depmod -a
# Masquerading helpers for protocols that carry addresses/ports in their payload.
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio

# Cope with a dynamic ppp address, turn on forwarding, reassemble fragments
# before filtering, and allow loose UDP masquerading.
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose

# Masquerade timeouts in seconds: TCP established, TCP after FIN, UDP.
/sbin/ipchains -M -S 7200 10 160

ipchains -F input
ipchains -F output
ipchains -F forward

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY

# Accept DHCP on ppp0. This must come after the flush above, or it is wiped.
ipchains -A input -j ACCEPT -i ppp0 -s 0/0 67 -d 0/0 68 -p udp

# Anti-spoofing: nothing claiming a LAN or loopback source may arrive on ppp0.
# Targets are case-sensitive: DENY, not deny.
ipchains -A input -s 192.168.0.0/24 -i ppp0 -j DENY
ipchains -A input -s 127.0.0.0/8 -i ppp0 -j DENY
# Masquerade LAN traffic leaving via ppp0.
ipchains -A forward -s 192.168.0.0/24 -i ppp0 -j MASQ

I'd like to be able to set the input policy to DENY, but whenever I do, I end up being able to send things out by explicitly allowing input traffic from 192.168.0.0 on eth1 (the internal interface), but I never get anything back, as the incoming packets get killed.

At any rate... pointers on this one would be welcome. Thanks!
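An added example of what an input policy of DENY needs in order to let replies back in (this is not the poster's script; interface names, the LAN range and the resolver address are assumptions, and IPCHAINS can be pointed at "echo" for a dry run). With ipchains there is no connection tracking on the input chain, so return traffic has to be recognised by shape: TCP packets without SYN set (`! -y`) are replies to connections opened from inside, UDP coming back to the masquerade port range 61000-65095 belongs to masqueraded LAN sessions, and DNS answers come from the resolver's port 53. Everything else arriving on the link is logged and dropped.

```shell
#!/bin/sh
# Added example: ipchains ruleset with default input policy DENY that still
# admits replies to outbound and masqueraded traffic. EXT, INT, LAN and DNS are
# assumptions; IPCHAINS defaults to the real binary, set IPCHAINS=echo to dry-run.
IPCHAINS="${IPCHAINS:-/sbin/ipchains}"
EXT=ppp0
INT=eth1
LAN=192.168.0.0/24
DNS=203.0.113.53          # placeholder resolver address (TEST-NET-3)
# ipchains rewrites masqueraded source ports into this range, so replies to
# masqueraded connections arrive on $EXT addressed to these ports.
MASQ_PORTS=61000:65095

apply_rules() {
    $IPCHAINS -F input
    $IPCHAINS -F output
    $IPCHAINS -F forward

    # Drop anything not explicitly accepted on input; forward only what is masqueraded.
    $IPCHAINS -P input DENY
    $IPCHAINS -P output ACCEPT
    $IPCHAINS -P forward DENY

    # Loopback and the LAN on the internal interface are trusted.
    $IPCHAINS -A input -i lo -j ACCEPT
    $IPCHAINS -A input -i "$INT" -s "$LAN" -j ACCEPT

    # Anti-spoofing: LAN or loopback sources must never arrive on the link; log them (-l).
    $IPCHAINS -A input -i "$EXT" -s "$LAN" -j DENY -l
    $IPCHAINS -A input -i "$EXT" -s 127.0.0.0/8 -j DENY -l

    # Replies to connections opened from the box or the LAN:
    # TCP without SYN (covers both local and masqueraded sessions), DNS answers, ICMP.
    $IPCHAINS -A input -i "$EXT" -p tcp ! -y -j ACCEPT
    $IPCHAINS -A input -i "$EXT" -p udp -s "$DNS" 53 -j ACCEPT
    $IPCHAINS -A input -i "$EXT" -p icmp -j ACCEPT

    # UDP replies to masqueraded LAN sessions come back to the masq port range.
    $IPCHAINS -A input -i "$EXT" -p udp -d 0.0.0.0/0 "$MASQ_PORTS" -j ACCEPT
    # Active-mode FTP data connections (ip_masq_ftp) arrive as a SYN from port 20.
    $IPCHAINS -A input -i "$EXT" -p tcp -s 0.0.0.0/0 20 -d 0.0.0.0/0 "$MASQ_PORTS" -j ACCEPT

    # Log what the policy would otherwise drop silently.
    $IPCHAINS -A input -i "$EXT" -j DENY -l

    # Masquerade LAN traffic leaving via the link.
    $IPCHAINS -A forward -s "$LAN" -i "$EXT" -j MASQ
}

# dry_run prints the commands instead of executing them.
dry_run() {
    (IPCHAINS=echo; apply_rules)
}

# count_rules returns how many ipchains invocations apply_rules issues.
count_rules() {
    dry_run | grep -c .
}

# Usage: fw.sh apply | dry-run
case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) dry_run ;;
esac
```

Run it with `dry-run` first to read the rules it would load. The `! -y` rule is what the original ruleset lacks: with the policy at DENY, the SYN/ACK coming back to a masqueraded connection hits the input chain on ppp0 before masquerading reverses it, and nothing accepts it.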